Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
Cf-Request-Id
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
Server-Timing
Permissions-Policy
X-Drupal-Cache
CF-Ray
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-CONTENT-TYPE-OPTIONS
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
X-XSS-PROTECTION
Status
X-AspNetMvc-Version
Accept-Ch
Access-Control-Max-Age
X-Request-ID
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Turbo-Charged-By
X-Rq
X-Amz-Version-Id
X-Cache-Group
X-Vhost
Keep-Alive
X-AH-Environment
X-Dispatcher
X-UA-Device
X-Server
X-Proxy-Cache
EagleId
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Grace
X-Server-Powered-By
X-Dns-Prefetch-Control
Allow
X-Pingback
X-Page-Speed
X-WebKit-CSP
X-Swift-SaveTime
X-Swift-CacheTime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Ali-Swift-Global-Savetime
X-Litespeed-Cache
X-FTR-Request-ID
X-Device
X-Node
EagleEye-TraceId
X-LiteSpeed-Cache
X-Host
X-Cache-Lookup
X-Backend-Server
Surrogate-Control
X-Country-Code
X-Server-Id
X-Ruxit-JS-Agent
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-Cloud-Trace-Context
X-HW
X-Response-Time
Cache-Tag
P3p
Content-Location
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Trace
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Nginx-Cache-Status
Request-Id
X-TraceId
X-Country
Fastly-Restarts
X-Clacks-Overhead
X-Content-Type
X-Application-Context
X-PC
X-TtlSet
X-Vname
X-Times
Rating
X-Cnection
X-ESI
X-Cache-TTL
X-Browser-Type
X-Edge
X-Midtier
X-Mcache
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Cache-Status
X-Country-Code-Real
X-Vcap-Request-Id
Surrogate-Key
X-FTR-Expires
Accept-Ch-Lifetime
X-Ac
Origin-Trial
Edge-Control
X-Powered-By-Plesk
X-D2id
X-Element-Page-Cache
X-Exp-Id
X-GoogleNews-Bot
X-Abt-Application-Version
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Server
X-Cdn-Fetch
X-NWS-LOG-UUID
Verso
X-Upstream
X-B3-TraceId
X-FastCGI-Cache
X-Nf-Request-Id
X-ORACLE-DMS-RID
X-Navigation-Version
X-Mod-Pagespeed
Nginx-Cache
X-Amz-Rid
X-Middleton-Display
X-Sol
Pagespeed
Display
Pinterest-Generated-By
X-Client-IP
X-Pinterest-Rid
Pinterest-Version
X-GitHub-Request-Id
X-ECACHE
X-Language
Response
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Middleton-Response
X-Instrumentation
X-Erf-Bev-Bev
X-Envoy-Decorator-Operation
X-Ua-Device
S
Edge-Cache-Tag
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Goog-Hash
X-Resp-Is-Stale
X-MS-InvokeApp
X-ARC
X-Url
X-Ratelimit-Limit
X-Edge-Location-Klb
X-Kinsta-Cache
Akamai-GRN
X-Ser
X-Distributor
X-Content-Digest
SPIisLatency
SPRequestDuration
X-SharePointHealthScore
SPRequestGuid
Access-Control-Request-Method
X-Cache-Key
Front-End-Https
X-Dw-Request-Base-Id
X-Ezoic-Cdn
X-NGENIX-Cache
X-Recruiting
X-Shield-Request-Id
RTSS
X-Amzn-Trace-Id
Cache-Status
X-Version
X-Powered-CMS
X-Ttl
Public-Key-Pins
X-Forwarded-For
X-T
Fastcgi-Cache
X-MSEdge-Ref
TP-Cache
X-Mg-S
Arr-Disable-Session-Affinity
X-Accel-Expires
X-Daa-Tunnel
X-Varnish-TTL
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Correlation-Id
X-Ismobilevalue
Realpath
X-Cluster-Name
X-Server-Name
Cache-Tags
X-Cached
X-Id
AR-CACHE
X-Newrelic-App-Data
X-Fastly-Request-ID
X-CST
X-HS-Combine-CSS
X-Request-Processing-Time
X-Request-Received
X-Kong-Upstream-Latency
Payment
X-Kong-Proxy-Latency
X-Ua-Browser
X-DIS-Request-ID
X-RateLimit-Remaining
X-Content-Security-Policy-Report-Only
Content-MD5
X-Xrds-Location
X-GUploader-UploadID
X-ORACLE-DMS-ECID
X-TTL
X-Oneagent-Js-Injection
X-HS-Prerendered
X-Cambria-Cache-Control
X-HS-CF-Cache-Status
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
Content-Disposition
X-Webkit-Csp
Count-Hit
X-Azure-Ref
X-Amz-Replication-Status
X-Ratelimit-Remaining
X-Ruxit-Js-Agent
X-Px
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-PressLabs-Stats
X-Page-Id
X-Unique-Id
Cleartype
Accept-Charset
Cross-Origin-Resource-Policy
X-Ratelimit-Reset
X-Proxy
X-Logged-In
X-Origin-Server
X-Activity-Id
X-Az
X-AppVersion
X-Git-Hash
X-Microsite
X-Request-Handler-Origin-Region
X-Protected-By
X-FB-Debug
Cross-Origin-Embedder-Policy
X-Rid
X-VARITI-CCR
X-Www-Served-By
X-Load-Cache
X-LLID
X-Hits
X-Goog-Metageneration
X-Template
YJS-ID
X-Varnish-Backend
MicrosoftSharePointTeamServices
X-Forwarded-Proto
Version
X-Amz-Meta-S3cmd-Attrs
Server-Node
Ar-SID
X-Geo-Country
Server-Name
X-Upgrade-Enabled
X-Amz-Apigw-Id
X-Amzn-RequestId
X-SERVER-NAME
X-Hostname
AKAMAI-GRN
X-Frontend
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Content-Options
X-B3-Sampled
Section-Io-Cache
X-URL
X-Varnish-Server
X-Status
Viewport
X-Varnish-Grace
X-App-Server
X-TT
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Device-Type
MRF-Tech
X-Request-Device-Id
Fastly-SWR
Fastly-SIE
X-Varnish-Ttl
X-Fb-Rlafr
X-Grace
Alternate-Protocol
X-B
Access-Control-Allow-Method
X-Server-ID
TCN
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-NF-Request-ID
X-Goog-Stored-Content-Encoding
Upgrade-Insecure-Requests
Healthy
X-Request-Guid
X-Cache-Age
X-Tt-Trace-Host
X-Tt-Trace-Tag
Host
X-Magnolia-Registration
Amp-Access-Control-Allow-Source-Origin
X-Buckets
X-WebKit-CSP-Report-Only
X-CSRF-Token
DC
X-EdgeConnect-Cache-Status
Retry-After
X-Wormhole-Sdk
X-Amzn-Remapped-Content-Length
X-Debug
X-Contextid
X-Meli-Trace-Platform
X-Meli-Trace-Bu
X-Meli-Trace-Site
X-Fastcgi-Cache
X-Cache-Control
AR-SID
MS-Author-Via
X-Revision
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-WP-CF-Super-Cache
X-Instance
X-Response-Served-From
X-WP-CF-Super-Cache-Cache-Control
X-Original-Request-Id
X-NYM-Debug-Backend
X-Origin-TTL
X-Yottaa-Metrics
Cross-Origin-Embedder-Policy-Report-Only
X-Rendered-As
X-Seen-By
X-UUID
X-Type
X-Yottaa-Optimizations
Cross-Origin-Opener-Policy-Report-Only
X-Origin-CC
X-Is-Bot
X-Adobe-Content
X-Adobe-Loc
X-Vcl-Version
X-Akamai-Edgescape
SD-X-WS
X-Backend-Name
X-Hl-Ver
X-G
X-COUNTRY
Section-Io-Id
Access-Control-Request-Headers
X-Lambda-Id
X-Tumblr-Pixel-1
X-Tumblr-User
X-Debug-IsPreview
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Debug-IsConnected
X-Framework
X-Mobile
X-Content-Powered-By
Charset
X-Mg-Request-UUID
X-ServerID
X-Trace-Id
Ms-Operation-Id
X-INCAP-ABP
X-Cache-Hit
MS-CV
X-Storage
X-Server-W
X-RTag
X-RM-Cache-TTL
NGB
X-App-Version
X-RemovedCookies
X-ProcessESI
X-Akamai-Request-ID2
X-N
X-Dc
X-AB
X-DataDome
X-Request-Site
X-Request-Bu
X-Request-Platform
X-Cache-Time
X-Cache-Status-Check
Refresh
Frame-Options
Filterid
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Time
Cache
Accept-Language
Protected
X-B3-SpanId
X-Region
X-Real-IP
X-Node-Name
X-CLOUD-TRACE-CONTEXT
Webserver
CDN-RequestId
SRV
X-ECache
Paypal-Debug-Id
X-User-Agent
Onion-Location
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Ms-Version
Cross-Origin-Window-Policy
X-Ms-Request-Id
X-LB-Cache
Liferay-Portal
X-Whom
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Cache-Expired-At
X-F-Cache
X-VC-Cache
X-Datadog-Trace-Id
X-Requestid
X-IPS-LoggedIn
X-Mode
X-WP-CF-Super-Cache-Active
X-HTML-Minification-Powered-By
Priority
X-Rocket-Nginx-Serving-Static
Backend
Xet-Cookie
X-Pass-Why
OT-Force-Account-Verify
X-Oracle-Dms-Ecid
X-HITS
X-Tb
GEO-INFO
X-L-Path
X-Proxy-Cache-Info
X-VC
X-Environment-Context
X-Service
X-Cacheable-TTL
X-App-Environment
X-FW-Server
X-Endurance-Cache-Level
Fastcgi-Useragent
X-Adobe-Source
X-MP-GENERATED-AT
X-Is-Desktop
X-Vcache
X-Cloudmap
X-SaId
X-Detected-As
X-Loop
X-Drupal-Cache-Tags
X-Is-Tablet
X-Debug-Info
X-Routing-Service
X-Extlb
X-Rewrite-Enabled
X-Browser-Name
X-Tncms
X-FW-Dynamic
X-Proxied
X-Zipkin-Id
Url
X-FW-Hash
X-FW-Serve
X-FW-Static
X-FW-Type
X-FW-Version
ServerID
X-Rn-Rsrv
Web-Mar-Node
X-Servername
Meta-Geo
X-Handled-By
Filters
X-Tcp-Rtt
X-UPSTREAM-Address
X-Is-Supported-Browser
X-Geo-Region
X-Is-Mobile
X-JoinUs
TWC-GeoIP-Region
Webcakes-App-Version
X-IPLB-Instance
X-IPLB-Request-ID
Webcakes-App-Name
TWC-Privacy
X-Alternate-Cache-Key
Webcakes-Region
TWC-Locale-Group
TWC-Connection-Speed
X-Forwarded-Host
X-Format
X-Generation-Time
X-Web-Node
Property-Id
X-Storefront-Renderer-Rendered
X-Origin-Hint
X-Origin-Date
LB
X-Director
X-Varnish-Beresp-Grace
X-Logging-Id
X-Locale
ServedBy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-GeoIP-City
TWC-GeoIP-DMA
X-Rule
X-Hosted-By
X-Restarts
X-Cdn-Origin
Country
X-Hit
X-Shopify-Stage
X-Cache-Host
Atl-Traceid
X-Wix-Request-Id
TWC-Device-Class
Mn-Server-Ip
X-Cluster
Uber-Trace-Id
X-Cms-Context
X-Redis-Cache
X-Soup
X-Cluster-Node
X-Httpd
X-Edge-Location
X-Skip-Cache
X-Scope-Id
X-ProxyCache-Status
X-Cache-Action
X-ProxyCache-Key
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
X-BYPASS-REASON
Apigw-Requestid
Environment
X-Mly-Id
X-Drupal-Cache-Contexts
X-PHP-Host
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Served-From
X-Labrador-Cache-Channel
X-S
X-FB-TRIP-ID
X-Proxy-Build
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Timing-Wait
X-R9-Blue-Green-Version
X-Origin-Cache
Expiry
X-Connection-Hash
Cache-Hits
X-Fetched-On
X-Origin
Locale
X-Auth-Group-Type
X-Urbn-Site-Id
Selected-Fe
X-Urbn-Context-Path
DB-Nickname
Countrycode
X-Sorting-Hat-PodId
X-GEO
X-Sorting-Hat-ShopId
X-ShardId
X-ShopId
X-No-Session
X-RCS-CacheZone
X-VCT
X-Source
YJS-CacheStatus
X-Yandex-Req-Id
X-Varnish-Cache-Hits
X-Cache-Debug
X-Is-Modern-Browser
X-Varnish-Age
Front
X-SRV
X-WP-CF-Super-Cache-Cookies-Bypass
WPO-Cache-Status
X-Lagoon
X-Api-Version
Node
X-XRDS-Location
Xserver
X-Provided-By
X-Site-Version
X-Is-Mobile-Only
X-Webstats-RespID
X-Platform
X-Generated-By
X-Varnish-Beresp-Ttl
Cache-Tv-Group
X-UA
X-Cdn
From-Origin
Cache-Provider
X-Accel-Version
X-Fastly-Request-Id
X-TA-CDN-Provider
X-B3-Traceid
X-Azure-Ref-OriginShield
Referer-Policy
X-Ua
X-CDN-Forward
X-NewRelic-App-Data
X-Xfnlog-Site
X-CDN-Cache-Status
X-B-Cache
X-Signature
X-VC-TTL
Request-ID
X-TT-LOGID
CF-IPCountry
X-PHP-Backend
X-NWS-UUID-VERIFY
X-Sucuri-Cache
Location
WPO-Cache-Message
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
AMP-Access-Control-Allow-Source-Origin
CDN-RequestPullCode
X-CACHE-AGE
CDN-Uid
CDN-RequestPullSuccess
X-Air-Pt
CDN-PullZone
CDN-RequestCountryCode
X-Reqid
X-Cache-Rule
X-Cache-Operation
X-Optimistic-Header
X-Tb-Optimization-Total-Bytes-Saved
X-Sucuri-ID
X-Tt-Logid
X-IsAdmin
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Ec-Fail
Candidate-Md5Url
Apple-News-Services-Host
X-D
X-Destination
X-Depends
X-Developer
Cdncip
Sslversion
X-External-Request-Id
X-Ee-Request-Id
X-Fmm-Version
X-Forwarded-Site
X-GeoCode
Cdnsip
X-Ee-Request-Date
X-Ec-GeoHdr
X-Ee-Generated-By
RNT-Time
X-Ee-Origin
Apple-News-Services-Handled
Store-Cloud-Cache
Log-Origin
X-Access
MD5-Digest
Meta-Geo-Continent
Lang
X-Action
Time-Cloud-Cache
X-AK-Request-ID
X-Aed
X-A-Wwc
Ngx.Var.Host
X-A-Ccd
X-A
Web-Mar-Region
Origin
Odigeo-Trace-Id
X-A-Dgt
X-A-Dcw
X-A-Dam
X-Application
X-Auto-Login
X-Cms-Device
X-Clientip
X-Cache-NE
X-Cache-Aspx
Redirect-Candidate
X-Conf
X-Core-Value
X-Content-Age
X-Contensis-Viewer-Groups
X-Frame-Option
DCR-Decision-By
Rendered-Blocks
Fl-Custom-Application
X-B-Cookie
Fastly-SSL
Expect-Staple
DCR-Processing-Time-Ms
X-Bl-Debug
X-BCube-Filmed-By
RNT-Machine
X-GeoCountry
X-VG-TLSProxy
X-VG-WebCache
X-Vdms-Version
X-Vary-Devices
X-Varnish-Director
X-Viewer-Country
X-Origin-Expires
X-Micro-Cache
XM
Xc-Version
X-Old-Content-Length
X-Request-URI
X-Rocket-Build-Number
X-Sigma-Backend
X-Sigma
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-SRCache-Key
X-Varnish-Authentication
X-Section
X-Rojux
X-S-Cookie
X-Save-Cache
X-ScT
X-Tx-Id
X-Vtex-Remote-Cache
X-Ig-Push-State
X-HS-Content-Campaign-Id
X-Loc
X-Ig-Origin-Region
X-Gen-Mode
X-Human
X-Acquia-Purge-Cdn-Unconfigured
X-Varnish-CookieHashed-On
X-Accel-Expires-Debug
X-Varnish-Beresp-Status
X-Shield-Cache-Expires
X-Backend-Instance
X-Gdpr
X-Varnish-CookieINHashed-On
X-Akamai-Device-Characteristics
X-App-Name
X-FC-Vary-Parameters
X-Render-Time
X-Fastly-Backend
X-From
X-Generated-On
X-Varnish-Remaining-TTL
X-Hash
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-UA-Device-Type
X-GeoIP-Region-Code
TDXMobile
X-Sn-Servicetimems
X-Thinkindot-L3
X-Thinkindot-L1
X-GeoIP-Country-Code
X-Up
User-Cache-Control
X-Uri
X-SIPLIST1
X-V-Cache
X-Internal-TTL
Wxu-Next-Region
Wxu-Next-Hostname
V-Age
X-GoCache-CacheStatus
Wxu-Next-Commit
X-Hnp-Log
X-Eu-Site
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-DefElseHash
X-DefHash
X-Date
X-Moov-T
X-Csrf-Jwt
X-CUA
X-Moov-Xdn-Caching-Status
Cluster
Host-ID
X-PAYTM-SRV-ID
X-PERF
ServerName
X-Req
X-Node-Id
X-Men
X-ApacheServer
X-Ec-Custom-Error
X-Level-Front-Cache
X-Varnish-Hostname
X-Moov-Xdn-Version
X-Block-Status
X-Epic-Correlation-Id
X-Path
X-Bug-Bounty
X-Policy
X-Pubstack
X-BBC-Edge-Cache-Status
X-Bc-Bl
X-Region-Sid
X-Origin-Time
X-Ion-Healthy
X-Jungle-Id
X-Content-Length
X-Nyt-Route
X-Ion-Hop
X-We-Are-Hiring
X-CGP
X-GeoIP-City
X-Worker
X-SD-PageType
X-Aicache-OS
Origin-Agent-Cluster
Nord-Request-ID
Cache-Contol
Origin-CC
Origin-EX
Cmstype
Azure-Version
Country-Code
CDCHOST
Ha-Gx-Prefs
Cmsid
Gh-Request-Id
IsBot
L5d-Success-Class
L
Azure-SiteName
Azure-SlotName
Req-Svc-Chain
Gannett-Cam-Experience-Id
DSUID
RewriteTestHook
RewriteTeamHook
Server-Host
Azure-RegionName
Azure-InstanceId
X-Presslabs-Stats
X-LSADC-Cache
X-Cache-Date
X-Cache-FS-Status
Content-Script-Type
X-SVT-ORM-VERSION
X-CacheTTL
X-SVT-ORM-RULES
Content-Style-Type
X-Cache-Id
X-Server-IP
CacheControlHeader
X-Edge-Server
X-Mvc-Supplant-Cachable
Sid
X-Esi-Check
X-Gamma-Serve
X-Gzip
X-NMSegId
X-DPWN-IS-SECURE
Cdn-Request-Time
Click-Count-Action-Start
Cdn-Host
X-Proto
C-Via
Click-Count-Error
X-Bip
Pragrma
We-Hiring
Producers
Platform
Origin-Site
X-Thanos
NM-Fastcgi-Cache
X-SB
X-VarnishDD-TTL
X-Via-Fastly
N-Cache
Release
X-Org
Tube-Get-Contents
Tube-Got-Eval
Tube-Return
Tube-Got-Results
X-HN
X-Op-Id-All
X-Vmg-Version
X-Wikidot-Backend
X-B3-Trace-ID
Fastly-GeoIP-CountryCode
X-Vercel-Id
Fastly-Backend-Name
PFcat
X-Wikidot-Static-Cache
X-Vercel-Cache
X-AB-Test
Machine
X-Amz-Storage-Class
Mail-Subject
X-Dispatcher-Server
X-VWS-Id
X-LJ-Flow-ID
X-Parent-Response-Time
X-AWS-Id
X-TH-Server
X-Mvc-Supplant-OutputCached
X-ElasticPress-Query
X-Origin-Response-Time
X-Proxied-Request
X-Litespeed-Cache-Control
X-Location
Source
Canary
X-Litespeed-Tag
X-Pad
X-ZONE
NGX
X-Cs
S-Rt
Debug
Powered-By
Product
Mime-Version
X-Cached-By
X-NGINX-Cache
Fastly-Drupal-HTML
X-Refresh
Vix-Hermes-Req-Id
X-Amz-Meta-Cb-Modifiedtime
HA-Ipaddr
X-Upstream-Ct
X-Cdn-Forward
X-Upstream-Ht
X-ND-Cache
X-Via-Popv
X-Via-Poph
X-Via-Popn
X-APP
X-Nananana
X-Cache-VC
CloudFront-Viewer-Country
Pics-Label
Cookie
X-Varnish-Hits
X-Ah-Environment
GeoIP-Latitude
X-DynaTrace-JS-Agent
Edge-Cache
X-HA-Backend
X-User
X-Datadome
X-Servedbyhost
X-LB-ID
X-Nginx-Cache
X-AIR-PT
Server-ID
GeoIp-Country-Code
X-Webkit-CSP
Akamai-Mon-Iucid-Del
X-LB-NoCache
HostName
X-GeoIP
Surrogated-Key
X-Wa
WZWS-RAY
X-Fpc
X-Nc
DataCenter
X-Srv
X-B3-Parentspanid
Fastly-Drupal-Html
X-Request-Start
MIME-Version
X-Zone
X-Unity-Cache
X-Debug-Service
X-Nginx-Cache-Key
X-Scheme
Resin-Trace
SID
Sever-Int
Server-Hostname
Server-Ext
True-Client-Country-4JS
X-RateLimit-Limit
X-CS
Load-Balancing
X-NodeID
X-Pool
X-Request-Host
N1-Cache
Tcn
Show-Do-Not-Sell-Link
X-RequestId
X-Lsadc-Cache
X-VCL-Version
Lb
Sm-Log-Id
X-DynaTrace
Wsr-Cache
X-Cache-Backend
Cdn
X-Service-Response-Time
X-Cache-Grace
X-FORWARDED-FOR
X-B3-Spanid
X-Newrelic-Synthetics
X-TX-ID
Yak-Timeinfo
X-Vgn-Hpd-Reason
X-DataCenter
Yjs-Id
NtCoent-Length
Traceparent
X-Via-SSL
X-HOST
X-LiteSpeed-Cache-Control
X-Datacenter
X-Via-CDN
X-Via-Edge
Edge-Copy-Time
X-Air-Source
X-NODE
X-Air-Hostname
X-Air-Trace-Id
X-Vc
X-Zen-Fury
CDN
X-Geolocation
X-WA
X-Client-Ip
X-Fastly-Backend-Reqs
X-HubSpot-Correlation-Id
X-CDN-Provider
X-Jobs
Cdn-Requestid
X-NC
Datacenter
X-FPC
X-API-Version
Req-ID
X-LiteSpeed-Tag
Hostname
Uri
X-Cdn-Srv
X-Udemy-Cache-App-Namespace
Serverhost
Xkeylog
Xkey-La3
X-ID
X-Proxy-CacheR9
X-Proxy-Cache-La3
Server-Id
XkeyR9
X-Powered-By-VTEX-Cache
A
X-Html-Minification-Powered-By
X-Akamai-Pragma-Client-IP
True-Client-IP
X-Dynatrace-Js-Agent
GeoIP-Country-Code
WP-Super-Cache
Srv
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Varnish-Beresp-TTL
ServerHost
RATING
Geoip-Latitude
X-Ez-Minify-Js
X-Stale
T-Server
X-ServedByHost
X-TimeS
X-Lb-Id
Proxy-Firewall
On-Server
X-Webkit-Csp-Report-Only
Cloudfront-Viewer-Country
Coldstone-Viewer-Currency
Esi-Enabled
Coldstone-Viewer-Country-Region-Name
X-WA-Info
X-Lb-Nocache
From-Cache
Coldstone-Viewer-Country
X-Ha-Backend
X-Via-JSL
X-Swift-Error
WebServer
X-Oracle-DMS-ECID
Cs
CountryCode
X-VC-Age
X-CSRF-TOKEN
X-App
X-Ez-Minify-Html
X-LAGOON
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-MSEdge-Features
BehaviorPad-Version
X-Correlation-ID
X-MSEdge-Flight
X-Via-PopN
X-Fastly-Cache
X-HA-Bot-Classification
X-Via-PopH
X-Styx-Info
X-Ssense-Gql
Cr
FSS-Cache
X-Ssense-Shipping-Surcharge-Enabled
Pramga
X-Styx-Origin-Id
X-Via-PopV
X-HA-Device-Type
X-HA-Application-Name
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Sorting-Hat-Podid
Content-Secure-Policy
X-TIM-N
X-Var-Ttl
X-Sorting-Hat-Shopid
X-Geo
Ngx
X-Check-Cacheable
X-Web-Server
X-Shardid
X-Cdn-Cache-Status
X-Shopid
X-Proxy-Cache-LA2
X-Serial
W
X-DC
My-App
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Wp-Cf-Super-Cache-Active
X-Request-Url
X-Elasticpress-Query
Akamai-X-True-TTL
X-Th-Server
X-ATG-Version
X-Nitro-Cache
X-Request-Time
X-Sucuri-Id
Cf-Ipcountry
Xkey-G-Jp
X-Env
User-Agent
X-Cache-TTL-Remaining
Cl-Cache
PICS-Label
X-Ramcache
Bxuuid
X-Fastly-Cache-Status
Host-Name
True-Client-Ip
X-Mg-Cache
FSS-Proxy
Bxpunish
Cneonction
X-Fastly-Cache-Hits